<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<meta name="keywords" content="SecuLution online documentation, web online help, web help" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<link rel=stylesheet href="default.css" type="text/css" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

 <TITLE>SecuLution Dokumentation - Import trustworthy software</TITLE>
<STYLE type="text/css">
.t0i { font-family: Tahoma, Verdana; font-size: 11px; color: #000000; text-decoration: none } 
  .i0tab { border: 0; border-collapse: collapse; }
  .i0ind { border: 0; Height: 16px }
</STYLE>
</HEAD>
<BODY bgcolor="white" style="margin: 0; border: none; padding: 0px">
<!-- !chm2web! -->
   
<TABLE bgcolor="white" width="100%" border="0" cellpadding="3">
 <TR>
  <TD align="left" width="100" nowrap>
   <a href="http://www.seculution.com" target="_top">Home</a> &nbsp;&nbsp;
  </TD>
  <TD align="center"  nowrap>
   <b><font size="3pt" color="black">SecuLution Dokumentation</font></b>
  </TD>
  <TD align="right" width="120" nowrap>
   <a href="schedule_tasks.htm">back</a>
   <a href="lernmode.htm">next</a>
  </TD>
 </TR>
</TABLE>
<TABLE width="100%" border="1" cellpadding="5">
<TR valign="top">
  <TD width="200" bgcolor="white" nowrap><table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="welcome.htm" ><span      >Welcome</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="principle.htm" ><span      >SecuLution technique and terminology</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Quick start</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="quickstart_test_setup.htm" ><span      >Test setup in 30 minutes</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="best_practice_everyday.htm" ><span      >Best practice in everyday use</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="quickstart_full_setup.htm" ><span      >Full setup and deployment in 5 hours</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Installation of components</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="server_appliance_installation.htm" ><span      >Install Appliance</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="adminwizard_installation.htm" ><span      >AdminWizard installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="agent_installation.htm" ><span      >Agent installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="syslog_server_installation.htm" ><span       >Syslog server installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Initial configuration tasks</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="configure_basic_settings.htm" ><span       >Configure basic settings</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="configuration_agent.htm" ><span       >Agent configuration</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="schedule_tasks.htm" ><span       >Configure automated tasks</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Manage whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Initial whitelist generation</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="import_trusted_applications.htm" ><span class="chitemsel" >Import trustworthy software</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="lernmode.htm" ><span       >Learn mode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="check_deployment.htm" ><span       >Check deployment and learning progress</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="audit.htm" ><span       >Audit</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Add entries to whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="dragndrop.htm" ><span       >Drag'n'drop</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="individual_lernmode.htm" ><span       >Individual lernmode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="import_from_directory.htm" ><span       >Import from directory</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="plu.htm" ><span       >PermanentLernUser</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="log_alarms.htm" ><span       >Log alarms</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Cleanup whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="manually_delete_orphaned.htm" ><span       >Manually delete unused entries</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="delete_from_pattern.htm" ><span       >Delete entries using a pattern</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="ruleset.htm" ><span       >Clean up classifications</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Actions</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="actions.htm" ><span       >Actions</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="valid_for.htm" ><span       >Referring rules to objects</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Offline mode</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="offline_mode.htm" ><span       >Offline mode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Devices</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="usb_device_management.htm" ><span       >USB device management</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="usb_device_encryption.htm" ><span       >USB device encryption</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>RCM</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="setup_rcm.htm" ><span       >Agent deployment (RemoteClientManagement)</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>ArpWatch</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="arpwatch.htm" ><span       >ArpWatch</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Logs</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="logs.htm" ><span       >Logs</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="faq.htm" ><span       >FAQ</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="setup.ini.htm" ><span       >setup.ini</span></a></td>
</tr></table></TD>
  <TD bgcolor="white">
  
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<h1>Import trustworthy software</h1>

<ul>
<li><a href="#setupcomputers">Set up computers where only
trustworthy software is installed</a><br>
</li>

<li><a href="#emptyruleset">Import an empty whitelist</a><br>
</li>

<li><a href="#importsamplecomputers">Import software from trusted
computers</a><br>
</li>

<li><a href="#importtrustedsoftware">Import additional trustworthy
software</a><br>
</li>
</ul>

<hr>

<h4><a id="setupcomputers" name="setupcomputers"></a>Set up
computers where only trustworthy software is installed</h4>

<p>Write down a list of operating systems (OS) that your users work
with and that you will later secure with the Agent. Make sure you
distinguish between different service packs and different
architectures (Windows 8 and Windows 8.1 are two items on your
list, and if you run x86 and x64 architectures, that makes 4!). For
each item on your list you should create a "sample computer". This
means that each of these computers must be set up and patched. Then
you should install a good set of software of each architecture (x86
and x64) that you are running on computers in your network. This
doesn't have to include all software that you're using in your
network. Later you will make SecuLution automatically learn all the
programs that are not yet in your whitelist. To minimize the amount
of learned hashes (which you will have to audit manually later),
it's good to maximize the number of hashes you are importing into
the whitelist from a computer which you can trust.</p>

<hr>

<h4><a id="EmptyRuleset" name="EmptyRuleset"></a>Import an empty
whitelist</h4>

<p>You may already have hashes in your whitelist from previous
tests. To start from scratch, you should import a new empty
whitelist. Choose <strong>File &gt; open</strong> from the main
menu and navigate to the AdminWizard install directory (usually
"C:\Program Files (x86)\SecuLution\SecuSurf-Admin-Wizard"). Enter
the directory "RuleSets" and double-click the file "leer.ssf". This
imports a new empty whitelist. All rules and Agent configuration
settings are now gone. Scroll up and <a href=
"configuration_agent.htm">reconfigure the Agent settings</a>.</p>

<hr>

<h4><a id="importsamplecomputers" name=
"importsamplecomputers"></a>Import software from trusted
computers</h4>
The easiest way to import trustworthy hashes from a sample computer
is to install the AdminWizard on the sample computer, and then
import all files from the local "C:\" filesystem by selecting menu
item <strong>Extra &gt; Generate rules from files</strong>:<br>
<img title="MenuImportFromFiles" alt="MenuImportFromFiles" src=
"i/000648.png"><br>
<br>
Double-click on "C:\" and click "List":<br>
<img title="ImportFromDir" alt="ImportFromDir" src=
"i/000649.png"><br>
<br>
Note the field "Classification". Enter text that describes what you
are importing here. Use a semicolon to separate levels. Here we
used the string "sample computers;Windows8;x64;SP1". Click on
"Import". The AdminWizard will now create a hash for every program
on this computer and import that hash into the whitelist. Each hash
will be marked with the classification.<br>

<hr>

<h4><a id="importTrustedSoftware" name=
"importTrustedSoftware"></a>Import additional trustworthy
software</h4>

<p>You can also add trustworthy software by importing their hashes
from a UNC path. Navigate to the path in Windows Explorer and
copy/paste the path:</p>
<img title="UNC" alt="UNC" src="i/000708.png"><br>
Selecting the "unpack each file" option will expand files like
setup.exe and add their contents as well. However, there are setup
files that cannot be expanded, so this function will probably not
be able to add 100% of the software. Choosing "unpack each file"
also takes much longer. Remember to use a good classification
string.<br>
<br>
This function can be used as often as you like. Programs already
listed in the whitelist will not be changed, so you won't have
double entries.<br>
  </TD>
</TR>
</TABLE>
</BODY>
</HTML>
